Redwood City, California, July 19, 2017 – Avast, the global leader in digital security products, today announced that it has acquired Piriform, the leading provider of device performance optimization software. Founded and based in London, UK, Piriform’s flagship product, CCleaner, speeds up PCs and smartphones by intelligently removing junk and improving the performance of computers and phones.

CCleaner is a leading brand in the market, used by 130 million people, including 15 million Android users. CCleaner has an extensive and extremely loyal community of tech-savvy users, who need to speed up and optimize their PC and Android experience. Avast will maintain the CCleaner brand of products along with Avast’s existing performance optimization products, Avast Cleanup and AVG Tune Up. With the addition of CCleaner, Avast has dramatically expanded its product offerings in the PC and smartphone optimization market reaching customers around the world who demand faster performance.

“We see many commonalities between CCleaner and Avast, allowing for great new products for our user bases. Avast and CCleaner are the top two downloaded products on popular download sites. They are both known by advanced users as focused on performance, so we believe there will be a great interest from our CCleaner customers in using Avast security products and vice versa,” said Vince Steckler, CEO of Avast. “In today’s connected world, it’s all about speed and high performance, and with Piriform’s robust technology we can address this need perfectly. We look forward to working with the Piriform team to grow the business together.”

The Piriform team will be a part of the Avast consumer business unit, and report to Ondrej Vlcek, Avast CTO and EVP & GM, Consumer.

Looks like your fears were founded, Avast put malware in CCleaner for a month, and yet another glowing example of WHY FORCED AUTOMATIC UPDATES ARE A BAD IDEA! Thankfully CCleaner Free Edition are manual updates, and if most people are like me, they don't update it.

Cisco’s Talos Intelligence security research group found that CCleaner, a popular piece of software that allows users to do routine maintenance on their Windows PCs, has been distributing malware along with its installation file for almost a month. Piriform was the previous owner of CCleaner, but the company has recently been acquired by antivirus maker Avast, which makes the whole situation quite ironic.

CCleaner’s Suspicious Activity

On September 13, Talos was conducting some beta testing for its new exploit detection technology when it noticed that CCleaner 5.33 (the latest version at the time) was being flagged by the new software.

The Talos team further analyzed the CCleaner file, and although the file was correctly signed by the vendor, CCleaner was not the only application being downloaded on users’ systems. The 32-bit binary of CCleaner 5.33 also included a malicious payload with a connection to a hardcoded command and control server.

The affected version of CCleaner (v5.33) was released on August 15, which gave the malware almost a month to infect CCleaner users. Version 5.34 came out on September 12, the same day the CCleaner devs found the malware themselves, and it didn’t have the malware bundled with it.